In this article we will learn about Vulnerability assessment with Nexpose.
What is Vulnerability assessment with Nexpose?
Nexpose is one of the leading vulnerability assessment tools. Nexpose Community Edition is free; the other editions are paid. In this article we use the free Community Edition, which can scan 32 hosts. The user interface is clean and the reports are robust. Nexpose features an easy-to-use, well-organized dashboard and, like most of the products we looked at, supports a wide range of compliance reporting, including PCI. To download Nexpose, just register on the website and download it.
Open your browser and go to http://localhost:3780 and you will see the Nexpose home page.
On the home page there is a “Site Listing” section; click on “New Static Site” and it will open the “Site Configuration” settings.
The first configuration setting is for “General Information”. As seen in the image above, we gave the title “Page”, set the importance to “Very High” and added some description of the site; now we click on “Next”.
The “Assets” configuration page has two sections, as seen in the image above: “Included Assets” and “Excluded Assets”. In the “Included Assets” section, we provide two target IP addresses. To scan an entire network range, enter the range as follows: 192.168.0.1-254. If you have a prepared list of IP addresses, you can import the file using the “Import list” function. “Excluded Assets” is used to keep assets out of the scan: if you are going to scan an entire IP range and want to skip some IPs, put those IPs in the excluded assets. When finished, click “Next” for further configuration.
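Before typing a range into “Included Assets”, it helps to work out how many addresses the scope really contains once the exclusions are applied. The following Python sketch is an added example, not part of Nexpose or of the original article: it expands the range notation shown above, subtracts the excluded assets, flags exclusions that match nothing, and compares the result with the 32-host Community Edition figure. Counting every in-scope address against that figure is a conservative assumption, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

COMMUNITY_HOST_LIMIT = 32  # host cap the article states for the Community Edition


def expand(entry):
    """Expand one asset entry into a set of IPv4Address objects.

    Accepts a single address, the short range form used in the article
    (192.168.0.1-254) or a full range (192.168.0.1-192.168.0.254).
    """
    entry = entry.strip()
    if "-" not in entry:
        return {ipaddress.IPv4Address(entry)}
    start_text, end_text = (part.strip() for part in entry.split("-", 1))
    start = ipaddress.IPv4Address(start_text)
    if "." in end_text:
        end = ipaddress.IPv4Address(end_text)
    else:
        # Short form: only the last octet of the end address is given.
        last = int(end_text)
        if not 0 <= last <= 255:
            raise ValueError(f"bad last octet in {entry!r}")
        end = ipaddress.IPv4Address((int(start) & 0xFFFFFF00) | last)
    if end < start:
        raise ValueError(f"range end precedes start in {entry!r}")
    return {ipaddress.IPv4Address(i) for i in range(int(start), int(end) + 1)}


def resolve_scope(included, excluded, limit=COMMUNITY_HOST_LIMIT):
    """Return (sorted targets, unused exclusions, fits_limit)."""
    inc = set().union(*map(expand, included))
    exc = set().union(*map(expand, excluded))
    targets = sorted(inc - exc)
    # An exclusion that matches nothing included is usually a typo.
    unused = sorted(exc - inc)
    return targets, unused, len(targets) <= limit


if __name__ == "__main__":
    # Constructed sample scope, not taken from the article's screenshots.
    included = ["192.168.0.1-254"]
    excluded = ["192.168.0.1", "192.168.0.200-254", "192.168.1.5"]
    targets, unused, ok = resolve_scope(included, excluded)
    print(f"{len(targets)} hosts in scope, within limit: {ok}")
    print("exclusions matching nothing:", [str(a) for a in unused])
```

With the sample scope, the full range minus the exclusions still leaves far more than 32 addresses, and the exclusion in 192.168.1.x is reported because it lies outside the included range.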
The next configuration is for “Scan Setup,” where the first option is for “Scan Template.” Select a template for scanning to meet your needs. Here we are using the “Full audit” template for our scan.
“Enable Schedule” is a unique feature in Nexpose that provides schedule-based auditing. It lets you set the start date and time as well as the duration of the scan, which is very useful for security auditors who run audits on a regular basis. Once the scan setup is finished, click “Next”.
The next configuration is for “Credential dump”. Here we can supply a username and password for the target systems so that Nexpose can perform credential-based checks. For Windows we need to provide SMB account credentials and for Linux we need to provide SSH credentials. We don’t provide any credentials here, so just skip this step and click “Next”.
The next configuration is for “Web Applications.” We don’t need to do anything here, so click on “Next.”
The next configuration is for information about the organization for which we will perform the vulnerability assessment; Nexpose will use this information in the report. Fill out the form or skip it and click “Next”.
The last configuration is for “Access Listing”. If there is more than one Nexpose console user, we can set which users are permitted to access this site. Click “Save” and the configuration will be saved.
In the site list section we can see that the site we created, Oscorp Corporation, has been added and is ready to be scanned. Click “Scan”, the play button on the right.
A new window prompts us to start a new scan; here we can see our targeted IP address. Click on “Start” now.
As can be seen in the figure above, our scan has started and, in the “Discovered Assets” section, we can see our target IP’s system name and the operating system it is running.
Once the scan is complete, we can see the “List of Assets” that we have already seen and the “Assets by Operating System”. In this section, Nexpose lists all assets by operating system. Here one of mine shows Microsoft Windows 7 Ultimate Edition and the other Microsoft Windows XP. The next section is “Assets by Software”, where Nexpose lists all software installed on the target IP.
Then click on the “Vulnerabilities” tab to see all the vulnerabilities. Here we can see “Exposure”. The first icon indicates susceptibility to malware attacks, the second that the vulnerability is exploitable with Metasploit, and the third that an exploit has been published. So now let’s see what these three icons do. Click on the “M” icon.
It shows the exploits available in Metasploit and also the skill level required to exploit this vulnerability, which means this vulnerability can be exploited using Metasploit. The second icon shows that an exploit has been published, so these exploits can be downloaded from the exploit database.
Next click on the malware icon to see what information it gives.
It shows the available malware kits that can exploit this vulnerability.
In the figure above we can see some of the malware kits available for this vulnerability.
Now we will move on to the report section; click on the “Reports” tab.
Give a name for the report in the name field and select a report template type.
Next select the report format. Here we have selected PDF format. Then select “Sites” and click on the plus icon.
Select the site from “Select Report Scope.” Here we select our Oscorp Corporation and click on “Done.”
Our report is generated here; click on the report to view it.